software.amazon.awscdk.services.iam

Class PolicyDocument

java.lang.Object

software.amazon.jsii.JsiiObject

software.amazon.awscdk.services.iam.PolicyDocument

All Implemented Interfaces:

IResolvable, software.amazon.jsii.JsiiSerializable

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:39.780Z")
 @Stability(value=Stable)
public class PolicyDocument
extends software.amazon.jsii.JsiiObject
implements IResolvable

A PolicyDocument is a collection of statements.

Example:

 IRole myTrustedAdminRole = Role.fromRoleArn(this, "TrustedRole", "arn:aws:iam:....");
 // Creates a limited admin policy and assigns to the account root.
 PolicyDocument myCustomPolicy = PolicyDocument.Builder.create()
         .statements(List.of(PolicyStatement.Builder.create()
                 .actions(List.of("kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*"))
                 .principals(List.of(new AccountRootPrincipal()))
                 .resources(List.of("*"))
                 .build()))
         .build();
 Key key = Key.Builder.create(this, "MyKey")
         .policy(myCustomPolicy)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	PolicyDocument.Builder A fluent builder for PolicyDocument.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.IResolvable

IResolvable.Jsii$Default, IResolvable.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor and Description
	PolicyDocument()
protected	PolicyDocument(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	PolicyDocument(software.amazon.jsii.JsiiObjectRef objRef)
	PolicyDocument(PolicyDocumentProps props)

Method Summary

Modifier and Type	Method and Description
void	addStatements(PolicyStatement... statement) Adds a statement to the policy document.
static PolicyDocument	fromJson(Object obj) Creates a new PolicyDocument based on the object provided.
List<String>	getCreationStack() The creation stack of this resolvable which will be appended to errors thrown during resolution.
Boolean	getIsEmpty() Whether the policy document contains any statements.
Number	getStatementCount() The number of statements already added to this policy.
Object	resolve(IResolveContext context) Produce the Token's value at resolution time.
Object	toJSON() JSON-ify the document.
String	toString() Encode the policy document as a string.
List<String>	validateForAnyPolicy() Validate that all policy statements in the policy document satisfies the requirements for any policy.
List<String>	validateForIdentityPolicy() Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy.
List<String>	validateForResourcePolicy() Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy.

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Detail

PolicyDocument

protected PolicyDocument(software.amazon.jsii.JsiiObjectRef objRef)

PolicyDocument

protected PolicyDocument(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

PolicyDocument

@Stability(value=Stable)
public PolicyDocument(@Nullable
                                               PolicyDocumentProps props)

Parameters:

props -

PolicyDocument

@Stability(value=Stable)
public PolicyDocument()

Method Detail

fromJson

@Stability(value=Stable)
 @NotNull
public static PolicyDocument fromJson(@NotNull
                                                                         Object obj)

Creates a new PolicyDocument based on the object provided.

This will accept an object created from the .toJSON() call

Parameters:

obj - the PolicyDocument in object form. This parameter is required.

addStatements

@Stability(value=Stable)
public void addStatements(@NotNull
                                                   PolicyStatement... statement)

Adds a statement to the policy document.

Parameters:

statement - the statement to add. This parameter is required.

resolve

@Stability(value=Stable)
 @NotNull
public Object resolve(@NotNull
                                                         IResolveContext context)

Produce the Token's value at resolution time.

Specified by:

resolve in interface IResolvable

Parameters:

context - This parameter is required.

toJSON

@Stability(value=Stable)
 @NotNull
public Object toJSON()

JSON-ify the document.

Used when JSON.stringify() is called

toString

@Stability(value=Stable)
 @NotNull
public String toString()

Encode the policy document as a string.

Specified by:

toString in interface IResolvable

Overrides:

toString in class Object

validateForAnyPolicy

@Stability(value=Stable)
 @NotNull
public List<String> validateForAnyPolicy()

Validate that all policy statements in the policy document satisfies the requirements for any policy.

Returns:

An array of validation error messages, or an empty array if the document is valid.

See Also:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

validateForIdentityPolicy

@Stability(value=Stable)
 @NotNull
public List<String> validateForIdentityPolicy()

Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy.

Returns:

An array of validation error messages, or an empty array if the document is valid.

See Also:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

validateForResourcePolicy

@Stability(value=Stable)
 @NotNull
public List<String> validateForResourcePolicy()

Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy.

Returns:

An array of validation error messages, or an empty array if the document is valid.

See Also:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

getCreationStack

@Stability(value=Stable)
 @NotNull
public List<String> getCreationStack()

The creation stack of this resolvable which will be appended to errors thrown during resolution.

This may return an array with a single informational element indicating how to get this property populated, if it was skipped for performance reasons.

Specified by:

getCreationStack in interface IResolvable

getIsEmpty

@Stability(value=Stable)
 @NotNull
public Boolean getIsEmpty()

Whether the policy document contains any statements.

getStatementCount

@Stability(value=Stable)
 @NotNull
public Number getStatementCount()

The number of statements already added to this policy.

Can be used, for example, to generate unique "sid"s within the policy.